If Opt-In for Recovery Key Use - is 2FA Still Available

My Apple ID was automatically updated by Apple to 2FA on all my devices.

I have two questions remaining before I decide whether to use my opt in privilege to use an RK.

First: if I do generate a new RK, is 2FA available? Meaning if I remember my Apple ID password and have access to a Trusted Device or a Trusted Phone - will I be able to sign-in from a new device without having to use the RK?

Second: If I am in a situation where I need to use the RK, please advise regarding steps needed to sign in with the RK.

Thanks... I've hit a wall, as info on RK after 2FA is very minimal.


Posted on Feb 17, 2019 10:51 AM


28 replies

Feb 17, 2019 11:17 AM in response to S1000guy

If you choose to use the Recovery Key option, and you have exhausted all other ways to re-establish whichever one of the two factors that you need (either a new passcode, or a new Trusted Device or Phone Number), then the only way to recover access to your Apple account at that point would be to use your Recovery Key.


However, if you lose or no longer have access to that key, you will then permanently lose access to your Apple account.


If you do not set up a Recovery Key for your 2FA account, and you are in the situation described, you will then use the Account Recovery process: Recover your Apple ID when you can’t reset your password - Apple Support


The Recovery Key option is only available to people who are being switched to 2FA that are currently using Two-Step Verification, so the Recovery Key option is limited to a small group of people. In my opinion, the safer route is to not select the RK option since there is a good chance that if you have issues with it, you may be hard pressed to find someone with enough knowledge regarding this method to be able to effectively help you.


Best,


GB

Feb 17, 2019 12:57 PM in response to Eric Root

Eric,


Beside the noted 'archived' Support article, the best info I found was a 10/2017 article at the following link (the author also contributes to MacWorld): https://medium.com/@glennf/use-two-factor-authentication-with-apple-id-and-icloud-2a36c2ca4eaa


Excerpt follows: "If you were using two-step verification and then upgraded to iOS 11 or High Sierra, Apple upgrades your account security to 2FA. It also offers you one unique additional option to reset your password. The two-step method had a last-ditch account reset option that required a uniquely generated Recovery Key. The 2FA system doesn’t use it, but folks who were automatically upgraded have the option of creating a fresh Recovery Key."


Because I was 'upgraded' to 2FA - my iPhone offers the option to turn Recovery Key On (at Apple ID > Passwords & Security).

Feb 17, 2019 1:52 PM in response to Kappy

Not sure that's right Kappy. I believe access to turning on / using a Recovery Key is dependent upon how you signed up for 2FA.

Here's contents of a 9/20/17 e-m to me from Apple: "Your Apple ID (r•••••@mac.com) is now protected with two-factor authentication, our most advanced and easy-to-use account security.

Please take a moment to review your account details and confirm that your trusted phone number ** (***) ***-**10 is up to date. This will help ensure you always have access to your account.

A printed recovery key is not required with two-factor authentication. However, if you would like to continue using a recovery key and turn off all other account recovery methods, you can generate a new key from Settings on your iOS device or System Preferences on your Mac."


As I mentioned in my response to Eric, because I was 'upgraded' to 2FA automatically by Apple - my iPhone offers the option to turn Recovery Key On (at Apple ID > Passwords & Security). That's why I was trying to determine implications of turning on the Recovery Key - given the language above "and turn off all other account recovery methods"




Feb 17, 2019 2:29 PM in response to Kappy

Well... I just Turned On Recovery Key. When I did so... the following was displayed: "This key will be required to reset your password if you lose access to all your trusted devices"


Afterwards I logged into my Apple Acct. It now shows Recovery Key is On


BTW - I now have the option to create a New Recovery Key - If I lose my existing Recovery Key or if someone else knows it

Feb 17, 2019 7:32 PM in response to Kappy

This change is very recent so what you could do in 2017 is apparently no longer right. Now, I don't know about iDevices because I haven't looked on them.


Based on what the OP has reported, it appears that the information in that Archived article is still applicable for anyone who is still currently using an Apple account that has Two-Step Verification still in place. I know that if you have an Apple account that was using Two-Step Verification on it, that won't be changed to 2FA until you sign that ID into your Apple account or iCloud. I have a very old account that did not change to 2FA until late last year sometime when I finally signed it into iCloud on a different user account on my Mac for testing purposes. I believe I opted out of the Recovery Key option because I didn't want another piece of data that I would need to save permanently somewhere.


So, it sounds like that is still how it works even though the article is archived. I think the "Archived" term primarily means that the article is no longer being updated, since the information in them is never going to change, rather than that the info contained therein is no longer valid.


GB

Feb 17, 2019 11:05 AM in response to S1000guy

Your Recovery Key, I presume, is for your encrypted disk drive. 2FA is protection for your Apple ID. These are two different security protections. According to Two-factor authentication for Apple ID - Apple Support:


Because your password alone is no longer enough to access your account, two-factor authentication dramatically improves the security of your Apple ID and all the personal information you store with Apple.


I'm not sure that any of this applies to your Recovery Key unless it is considered personal information. My interpretation is that it is not. You may find a better discussion in these: How to find your FileVault recovery key in macOS, OS X- How to create and deploy a recovery key for FileVault 2, and Lost your iCloud recovery key? Here's how to generate a new one!.

Feb 17, 2019 11:13 AM in response to Kappy

Hi Kappy,


Thanks for your response.

My question is Apple ID related only, and relates to what implications to 2-factor authorization result from opting in to having/generating a recovery key.

I know one result of such an opt-in is to not be eligible for the Apple recovery process.

What I don't know is whether by opting in to RK, I would still receive verification codes on my Trusted Devices or Trusted Phone Numbers (ie, I wouldn't need to use the RK unless I was unable to receive the verification code through them).


Feb 17, 2019 11:30 AM in response to gail from maine

Thanks Gail (and Kappy)!


It's a mystery as to why the issue is not addressed more in Support or articles.


Given that you state opting in for the Recovery Key only impacts eligibility for the Apple recovery process (and given the known delays in such process), it makes it an easy decision - I'll get the recovery key. I wouldn't "opt in" if it meant that the ability to receive verification codes was lost as a result of the "opt in".

Feb 17, 2019 12:22 PM in response to gail from maine

Gail,


I was just inspecting my account and reading the article Lost your iCloud recovery key? Here's how to generate a new one! I no longer can locate anything about a Recovery Key for use with 2FA. It appears that Apple only needs you to provide a Verification code sent to one of your trusted devices or telephone number(s). Would you happen to have a link I can peruse? Now I just feel a bit stupid not to know better.

Feb 17, 2019 12:46 PM in response to Kappy

Barging into the conversation...............


Your article is about the 2 Step Verification Recovery Key. This is the only article I've ever found about the 2 Factor Authentication Recovery Key. It is also archived, which makes me wonder if you can still generate a key for 2 Factor Authentication??


Generate a recovery key after you update to two-factor authentication

Feb 17, 2019 1:12 PM in response to Eric Root

Since asking, Eric, I found that article but it is now archived. The most recent article about 2FA does not mention a Recovery Key nor is the option for one found, now, in my Apple ID account. I believe what is left is the receipt of a verification code from Apple sent to all of our listed, trusted devices and/or phone numbers. I have used these in the past to make changes to the password for my Apple ID. I also checked iCloud preferences' Security tab in which no option appears to provide a Recovery Key.


It seems that this option is now gone. You, me and Gail all failed to provide S1000guy with the right answer about an Apple ID recovery key - there taint none, no mo'. 😕

Feb 17, 2019 7:38 PM in response to S1000guy

BTW - I now have the option to create a New Recovery Key - If I lose my existing Recovery Key or if someone else knows it

Yes, you can generate a new Recovery Key at any time as long as you are not trying to actually do a Recovery. If you are trying to do a Recovery, and you don't know what it is, then you wouldn't be able to generate a new one at that point.


GB

Feb 17, 2019 7:50 PM in response to gail from maine

I have no argument there, but when I read through that link and the others, then got into my account I could find no evidence of how I could generate a recovery key. iCloud preferences is supposed to have an option for setting a recovery key under the Security tab. But no such option appears.


Now, it is conceivable that I was asked to create a recovery key when installing a macOS upgrade but declined to do so. But the article to which we have all referred does not appear to provide any method by which I could create a recovery key on my installed system - the current macOS Beta. Those of you who have seen a contrary view are likely running a different macOS than I, so the question is are you using 10.14.3 or an earlier version of Mojave?


This is a curious mystery.

Feb 17, 2019 8:18 PM in response to gail from maine

How very strange. I have never volunteered for 2FA in the past. When it was about to become mandatory I turned it on. I never used 2AV. I truly don't much care for 2FA since it can be a PITA, especially if you forget your Apple ID's password. Just another hoop to jump through because the OS has been buggy since day one, and remains so.


Thanks for the explanation. Maybe I was in the hospital when all of that was explained and didn't get the memo. Or maybe I got the memo and don't remember. I don't remember lots of things these days. I'll hit 77 in 32 days!

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
